Pick to lead cyber command lays out battle plans

The Defense Department’s planned Cyber Command isn’t designed to militarize cyberspace, the Army lieutenant general picked to lead the command told senators today during his confirmation hearing.

Keith Alexander, the nominee who also heads up the National Security Agency, told a Senate panel that if confirmed to head DOD’s Cyber Command. his primary focus would be on building the capacity, capability, and partnerships required to secure the military’s operational networks.

“This command isn’t about efforts to militarize cyberspace, rather it is about safeguarding the integrity of our military’s critical information systems,” he said. Alexander said DOD’s gateways face hundreds of thousands of probes every day.

Meanwhile, Alexander said although there would be significant synergy between NSA and the new Cyber Command, each organization would have a separate and distinct mission.

Defense Secretary Robert Gates ordered the establishment of the new command last June, and the organization was supposed to reach initial operating capability last October. However, the Senate Armed Services Committee had been slow to hold a confirmation hearing for Alexander, as its members considered questions about the planned command.

Sen. Carl Levin (D-Mich.), who chairs the committee, said during today’s hearing the panel has proceeded methodically to get a better understanding of key issues, and the committee has been assured that DOD and the Obama administration are committed to improving cyberspace policy.

Under questioning from senators, Alexander said the command could be started under existing legal authorities, but there was a lot of uncharted territory in cyber policy, law, and doctrine. Alexander ran through a series of hypothetical scenarios presented by Levin to illustrate how the new command would respond to different attack situations.

Alexander said the command could operate under traditional military authorities outside the United States, and could offer the Homeland Security Department support to deal with an attack on a domestic target. Meanwhile, Alexander cited the learning the identities of cyber attackers, neutrality, and collaboration with industry as challenges related to an attack scenario involving an attack on U.S.-based critical infrastructure during peacetime.

“I think one of the key things we’ll look at in the future is asymmetric attacks on cyberspace in this country: How do we help the Homeland Security Department do [its] mission,” Alexander said.

In response to a previous series of questions from the panel, Alexander said all military actions taken in cyberspace must comply with the international laws that govern military operations that requires conformity with principles of military necessity, discrimination, and proportionality.

“Offensive cyber weapons would only be authorized under specific lawful orders by the [defense secretary] and the president and would normally come with supplemental rules of engagement,” he wrote.

Alexander also wrote that the command wouldn’t exercise command or take operational control of the Defense Information Systems Agency's communication networks. DISA would continue to be responsible for acquiring engineering and provisioning expertise infrastructure, he explained.